This question exists because it has historical significance, but it is not considered a good, on-topic question for this site, so please do not use it as evidence that you can ask similar questions here. This question and its answers are frozen and cannot be changed. More info: help center.

A while ago I used the Tamper Data Firefox Add-on and found it to be quite effective.
It has some good features like being able to choose what requests you wish to tamper with and also has some predefined exploits that you can use to populate field values with.

The Fiddler HTTP debugging proxy has been around for years and is actively maintained. It allows for interception and modification of traffic, crafting custom requests, replaying requests, and is fully scriptable and extendable. It's a Windows-only tool.

It also has extensions for passive and active security testing. Disclaimer - I co-authored those.

An rare occasions, I've had to use wfetch (another free download from MS), to handle raw bytage over the HTTP stream. The specific problem being that almost all other tools, especially proxies and browser plugins, necessarily URL-encode any non-printable characters... and sometimes, you just really want to send that chr(9)....

It has a really lean, interfaces (looks like ncurses), if you like that sort of thing. It has the same capture/view/edit/replay capabilities as many others, but it's very keyboard-friendly. It can also proxy SSL connections!